Navigating the Legal Pitfalls of Augmented Reality

In the past year, augmented reality (AR) has moved beyond a sci-fi novelty to a credible marketing tool for brands and retailers. While part of a niche industry, AR applications are being championed by tech players like Google and Nokia, and a host of mobile app developers have launched AR apps for the growing number of smartphones and portable computing devices. Tech analyst firm Juniper Research estimates that AR apps will generate close to $300 million in global revenue next year.

The power of AR, particularly for marketers, is its ability to overlay highly relevant, timely and interactive data about specific products or services within a user’s live physical environment. For example, companies are using AR to transform home or online shopping by bringing to life static, two-dimensional images -- see Ikea’s 2013 catalog and Phillips TV Buying Guide mobile app -- or leveraging geolocational data to augment users’ real-world retail experiences with instant data on pricing, reviews or special discounts (such as IBM’s personal shopping assistant).

If you’re considering whether to add an AR app to your marketing mix, be aware that traditional advertising law principles still apply, and that both federal and state regulators are keeping a watchful eye on AR’s potential impact on consumer privacy.

Traditional Advertising and Disclosure Rules Apply

A unique aspect of AR is that it allows retailers to give online or mobile shoppers a realistic, up-close, three-dimensional or enhanced view of their products prior to purchase (think virtual dressing rooms). If your AR app is used to promote or drive sales for a particular product, be sure to avoid overstating or exaggerating the features, functions or appearances of the product, or leaving out material information that could sway the consumer’s purchasing decision.

In September, the Federal Trade Commission (FTC) published a marketing guide for mobile app developers. It clarifies that long standing truth-in-advertising standards apply in the virtual world to the same extent as in the real world.

The key takeaway: Disclosures must be clear and conspicuous. That is, you should look at your app from the perspective of the average user and ensure that disclosures are big and clear enough so that users actually notice them and understand what they say. Another rule of thumb is to keep your disclosures short and simple, and use consistent language and design features within your app. Before launching your app, carefully consider how best to make necessary disclosures visible and accessible in the AR context.

To unlock AR’s full potential, developers are integrating the visual elements of AR with users’ personal information, including geolocational and financial data, facial recognition information and users’ social media contacts.

Given the increased scrutiny over mobile app privacy practices (see here and here), the following four recommendations should serve as the starting point for your privacy compliance analysis as you develop your AR app.

Disclose your privacy practices. As with advertising disclosures, privacy-focused disclosures must be clear and conspicuous, and they must be available before users download your app. In October, as part of an ongoing effort to improve privacy protections on mobile apps, the California Attorney General notified a number of developers that their mobile apps did not comply with state privacy laws. These laws require online operators that collect personal information to post a conspicuous privacy policy that is reasonably accessible to users prior to download. The developers have 30 days to comply or risk penalties of up to $2,500 for each time the non-compliant mobile app is downloaded.

Obtain user consent before collecting location data. An increasing number of AR apps tap into geolocation data to provide the user with real-time information about their surrounding physical environment. The FTC’s guidance on mobile apps cautions developers to avoid collecting sensitive consumer data, such as precise location information, without first obtaining users’ affirmative consent.

Create a plan at the outset to limit potential privacy issues. Companies like Viewdle, which was recently acquired by Google, are using facial recognition technology to enhance AR features used in mobile gaming, social networking and social media. In October, the FTC issued a report on facial recognition technology that includes the following best practices when collecting users’ personal data: (1) collect only the personal data that you need, and retain it for only as long as you need it; (2) securely store the data that you retain, limit third-party access to a need-to-know basis and safely dispose of the data; and (3) tell users when their data may be used to link them to third-party information or publicly available sources.

Be careful with children. AR apps can be highly persuasive marketing tools, particularly with children, who may be unable to distinguish between the real and virtual worlds. Earlier this year, an FTC report found that few mobile app targeted to kids included information on the apps’ data collection practices. If you collect personal information from children under 13, you need to comply with the Children’s Online Privacy Protection Act (COPPA), which requires companies to obtain verifiable consent from parents before they collect personal information from their children. Under an FTC proposal now in review, “personal information” would include (1) location data emitted by a child’s mobile device; and (2) persistent identifiers such as cookies, IP addresses and any unique device identifiers, unless this data is used only to support the internal operations of the app.

Have you interacted with AR apps? Do you have concerns about the technology’s privacy and disclosure practices?